Authentication realms

Resources are protected by authentication realms. The authentication process that a realm defines can be interactive or non-interactive.

An authentication realm defines the process to be used to authenticate users, and consists of the following steps:

  1. Specification of how to collect user credentials, for example, by a login form, by HTTP basic authentication, or through single sign-on (SSO).
  2. Specification of how to verify the collected credentials, for example, by checking that the supplied password matches the one stored for that user name, or by delegating the check to an LDAP server or some other authentication server.
  3. Specification of how to build the user identity, that is, how to construct the objects that carry all the user properties that later access checks need.

The same realm can be used by several security tests. A client then goes through the authentication process defined for that realm only once; every security test that references the realm reuses the identity that the process produced.

The following examples illustrate the difference between interactive and non-interactive authentication:

  • An example of interactive authentication is a login form that is displayed when a user attempts to access a protected resource. The credentials submitted through the form are then verified, and the user identity is built from the result.
  • An example of non-interactive authentication is a user cookie that the authentication process looks for when a user attempts to access a protected resource. If there is a cookie, it is used to authenticate the user. If there is no cookie, one is created and sent to the client, and that cookie is used to authenticate the user on later requests. Because such a cookie is accepted without any further credential check, it must be unguessable and protected against tampering (for example, by signing it); otherwise anyone who can forge or steal the cookie authenticates as that user.
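The following Python sketch is an added example, not code from the product this page documents. It models a realm as the three pluggable steps above (collect, verify, build identity), then instantiates two realms: an interactive one that takes a login form and checks the password against a constructed in-memory user store, and a non-interactive one that looks for a signed user cookie and mints one when none is present. It also shows the "authenticate only once" behaviour by caching the built identity per realm on the request. The `Request` class, the `USER_STORE` contents and `SERVER_SECRET` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# ---- constructed sample data (hypothetical, not from any real deployment) ----
SERVER_SECRET = b"example-secret-rotate-me"   # assumption: server-side key for signing cookies


def _hash_password(password: str, salt: str) -> str:
    # Illustrative only; a real store would use a slow KDF such as scrypt or Argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()


USER_STORE = {
    "alice": {"salt": "s1", "pw": _hash_password("correct horse", "s1"), "groups": ["staff"]},
}


@dataclass
class Identity:
    name: str
    groups: List[str]


@dataclass
class Request:
    """Stand-in for an HTTP request: submitted form fields, received cookies,
    cookies to set in the response, and identities already built per realm."""
    form: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)
    set_cookies: Dict[str, str] = field(default_factory=dict)
    identities: Dict[str, Identity] = field(default_factory=dict)


@dataclass
class Realm:
    """An authentication realm: three pluggable steps run in order."""
    name: str
    collect: Callable[[Request], Optional[dict]]        # 1. gather credentials
    verify: Callable[[dict], Optional[str]]             # 2. credentials -> user name or None
    build_identity: Callable[[str], Identity]           # 3. user name -> identity object

    def authenticate(self, request: Request) -> Optional[Identity]:
        # A client goes through a realm's process once; further security tests
        # that reference the same realm reuse the identity built here.
        if self.name in request.identities:
            return request.identities[self.name]
        creds = self.collect(request)
        if creds is None:
            return None          # interactive realm: caller shows the login form
        user = self.verify(creds)
        if user is None:
            return None          # credentials rejected
        identity = self.build_identity(user)
        request.identities[self.name] = identity
        return identity


# ---- interactive realm: login form, password checked against the user store ----
def form_collect(req: Request) -> Optional[dict]:
    if "username" in req.form and "password" in req.form:
        return {"user": req.form["username"], "password": req.form["password"]}
    return None


def form_verify(creds: dict) -> Optional[str]:
    rec = USER_STORE.get(creds["user"])
    if rec is None:
        return None
    candidate = _hash_password(creds["password"], rec["salt"])
    return creds["user"] if hmac.compare_digest(candidate, rec["pw"]) else None


def store_identity(user: str) -> Identity:
    return Identity(user, list(USER_STORE[user]["groups"]))


FORM_REALM = Realm("form", form_collect, form_verify, store_identity)


# ---- non-interactive realm: signed user cookie, minted on first contact ----
def _sign(value: str) -> str:
    return hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()


def cookie_collect(req: Request) -> dict:
    token = req.cookies.get("uid")
    if token is None:
        # No cookie yet: create one for a fresh guest id and send it to the client.
        guest = "guest-" + secrets.token_hex(8)
        token = guest + ":" + _sign(guest)
        req.set_cookies["uid"] = token
    return {"token": token}


def cookie_verify(creds: dict) -> Optional[str]:
    # The cookie is accepted without a password, so reject anything whose MAC
    # does not match the claimed id; otherwise a client could simply write "alice:...".
    user, _, mac = creds["token"].partition(":")
    return user if mac and hmac.compare_digest(mac.encode(), _sign(user).encode()) else None


def guest_identity(user: str) -> Identity:
    return Identity(user, ["anonymous"])


COOKIE_REALM = Realm("cookie", cookie_collect, cookie_verify, guest_identity)
```

Calling `FORM_REALM.authenticate(Request())` returns `None` because no credentials were collected, which is the point at which an interactive realm would render its login form. A second security test on the same request and realm gets the cached `Identity` back without re-running the steps. The cookie realm never prompts: a request without a cookie leaves with one in `set_cookies`, and a later request carrying it is recognised, while a cookie whose MAC does not verify is rejected rather than trusted.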